Re: Explain enable-primary-nexthop script

This script reacts to RPM events from a specifically configured RPM test. You can find details on the configuration required in the PDF README file, available for download on the same page where you download the code.

Part of the configuration includes two event policies, which execute either the enable-primary-nexthop.slax or enable-alternate-next-hop.slax script and provide them with a single argument: next-hop-interface.

So, when these scripts start, their $next-hop-interface parameter has been set to the value provided by your event policy. Execution starts within the match / template, where the first action is to open a management connection via jcs:open(). Next, the $next-hop-interface parameter is combined with a ".0" to form a new $logical-interface variable. This is important because it indicates that the script is written to work only with the .0 logical interface of the physical interface. If you wish to disable a VLAN, for example, you would have to modify it.

A configuration change is then created and assigned to the $change-route variable. This configuration change does three things: first, it deletes the existing default route; second, it adds a default route pointing to the $logical-interface; and third, it deletes the disable statement from the $next-hop-interface.

The fact that the script makes the interface the next-hop of the route indicates that the interface must be p2p. Otherwise the configuration will fail.

Finally, the configuration change is applied via the jcs:load-configuration template.

The companion script, enable-alternate-next-hop.slax, is similar. But in this case it disables the $next-hop-interface and makes the default route point towards a hard-coded alternate interface of "dl2.0". You would need to modify that alternate next-hop to whatever interface you prefer.
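The flow described in this post, sketched in SLAX as an added example; it is not the downloadable script and not part of the original post. Variable names follow the post, while the error check and the syslog message text are assumptions.

```slax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";

/* Set by the event policy that launches the script */
param $next-hop-interface;

match / {
    <event-script-results> {
        var $connection = jcs:open();
        /* Only unit 0 of the physical interface is handled */
        var $logical-interface = $next-hop-interface _ ".0";
        var $change-route = {
            <configuration> {
                <routing-options> {
                    <static> {
                        /* 1. Delete the existing default route */
                        <route delete="delete"> {
                            <name> "0.0.0.0/0";
                        }
                        /* 2. Add a default route via the interface */
                        <route> {
                            <name> "0.0.0.0/0";
                            <next-hop> $logical-interface;
                        }
                    }
                }
                <interfaces> {
                    <interface> {
                        <name> $next-hop-interface;
                        /* 3. Remove the disable statement */
                        <disable delete="delete">;
                    }
                }
            }
        }

        var $results := {
            call jcs:load-configuration($connection, $configuration = $change-route);
        }
        /* Assumption: log a failed load or commit instead of failing silently */
        if ($results//xnm:error) {
            expr jcs:syslog("external.error", "enable-primary-nexthop: configuration change failed");
        }
        expr jcs:close($connection);
    }
}
```

Because the script commits a configuration change on its own, checking the load result for xnm:error and logging it gives an audit trail when a failover does not take effect.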

Re: Explain enable-primary-nexthop script

Would you actually want the primary interface to be disabled when the RPM test fails, or would you just want the next-hop of the default route to switch to the backup? For example, if your RPM test is to a destination out of the primary then disabling it is a good way of ensuring that the test will never succeed.

Re: Explain enable-primary-nexthop script

No, the above solution is only intended for static routes that have next hops manually configured in the configuration. If they are coming via DHCP then the script would have to be altered, but I'm not sure what changes are required as I'm not familiar with the particular scenario you're referring to.

Re: Explain enable-primary-nexthop script

I found the ip-track.slax script. This is an event script that will simulate a track-ip. The script will take an argument of the host IP and number of ping requests. The script will determine the host down if the number of pings (threshold) lost is greater than 50%. It will not bring the interface down if the number of ping failures is less than 50%. In the script you will need to adjust the interface to bring down and the ping threshold parameters. It is currently set to ge-0/0/2. This will execute every minute.

I want to modify the script to activate/deactivate a firewall filter on an interface or change the next-hop in routing-instances rather than disable the interface. Can anyone explain how to do that and give an example? Thanks.

So it is working well. The drawback of this configuration is that it works and recovers from ISP1/2 to ISP2/1 only if the physical interface goes down. But I have the firewall connected via ethernet to the CPE router of the ISPx and the ethernet never goes down. So if the WAN link is down the only way to test it is to use "ping server", a host in the network cloud of the ISP.

Your script instead is fine because if the "ping server" (the rpm target address) is down it installs the default route on the second ISP.

The main problem is that I have in the routing table three routing instances: inet.0, routing-table-ISP1 and routing-table-ISP2; if the "ping server" of the ISP2 goes down I have to change the default route of the routing-table-ISP2 and not the inet.0. Is this possible to do?

Furthermore, I need to use two "ping servers", one for each ISP, in order to swap to the other ISP if the relative "ping server" is down.

Then you will have to edit the script to modify the configuration under the specific routing instance. You can use an if statement to match the probe name, and then you can define the configuration change like this:

Re: Explain enable-primary-nexthop script

Could you please post your modified watch-default-ISP1.slax script? I'm working on the same problem right now, but the script can't detect the inactive route on the routing-instance. Deactivation of the qualified-next-hop is working fine.